SOFTWARE
SOFTWARE
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
netstat
netstat is an operating system utility that displays active TCP connections, listening ports, and network statistics. [1]
ID: S0104
Associated Software: netstat.exe
Type: TOOL
Platforms: Windows, Linux, macOS
Version: 1.0
Created: 31 May 2017
Last Modified: 17 October 2018
Techniques Used
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1049 | System Network Connections Discovery |
netstat can be used to enumerate local network connections, including active TCP connections and other network statistics.[1] |
Groups That Use This Software
ID | Name | References |
---|---|---|
G0049 | OilRig | |
G0004 | Ke3chang | |
G0018 | admin@338 | |
G0010 | Turla | |
G0071 | Orangeworm | |
G0096 | APT41 |
References
- Microsoft. (n.d.). Netstat. Retrieved April 17, 2016.
- Falcone, R. and Lee, B.. (2016, May 26). The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor. Retrieved May 3, 2017.
- Sardiwal, M, et al. (2017, December 7). New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit. Retrieved December 20, 2017.
- Villeneuve, N., Bennett, J. T., Moran, N., Haq, T., Scott, M., & Geers, K. (2014). OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs. Retrieved November 12, 2014.
- Smallridge, R. (2018, March 10). APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS. Retrieved April 4, 2018.
- FireEye Threat Intelligence. (2015, December 1). China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets. Retrieved December 4, 2015.
- Kaspersky Lab's Global Research and Analysis Team. (2014, August 7). The Epic Turla Operation: Solving some of the mysteries of Snake/Uroburos. Retrieved December 11, 2014.
- Symantec Security Response Attack Investigation Team. (2018, April 23). New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia. Retrieved May 8, 2018.
- Fraser, N., et al. (2019, August 7). Double DragonAPT41, a dual espionage and cyber crime operation APT41. Retrieved September 23, 2019.
×